Module 12 Lesson 3: Auditing Ollama Interactions
Who said what? setting up a robust logging system to track AI usage for compliance and security.
Auditing: Tracking the AI
In a corporate or government environment, you can't just have a "Magic Black Box" that people talk to. You must have a record of every prompt and every response to prevent harassment, data theft, or misuse.
1. Finding the Raw Logs
Ollama keeps its own internal logs, which are focused on "Server Health" rather than "User Content."
- Linux:
journalctl -u ollama - macOS:
tail -f ~/.ollama/logs/server.log
These logs tell you:
- Which model was loaded.
- If the GPU was used.
- If there was a memory crash.
2. Building a "Prompt Logger" (The Middleware)
Because Ollama doesn't save your conversation history to a permanent database by default, you should build a Middleware in your code.
Python Example:
def ask_ai(user_prompt):
# Log the prompt to a secure SQL database
db.save_log(user_id=123, prompt=user_prompt)
response = ollama.generate(model='llama3', prompt=user_prompt)
# Log the answer to ensure the AI stayed safe
db.save_log(user_id=123, response=response['response'])
return response
3. Detecting "Off-Topic" Usage
If you index your logs, you can run a script every night to see if anyone is using the company GPU for personal tasks.
- Search for keywords: "How to buy Bitcoin", "Write me a dating profile", etc.
- Goal: Ensure the expensive hardware you provided is being used for the company's intended mission.
4. The "Reason for Access" Log
For high-security environments, every time a user opens the AI interface, they should be required to type a "Reason for this session." (e.g., "Researching Project Phoenix vulnerability"). This reason is saved in the audit log alongside their prompts.
5. Summary of Audit Levels
| Level | Method | Best for |
|---|---|---|
| Basic | Check server.log | Troubleshooting crashes |
| Internal | Save to local SQLite | Small teams / Startups |
| Enterprise | ELK Stack / Splunk | Corporate compliance (SOC2) |
Key Takeaways
- Auditing is required for legal and professional compliance.
- Ollama server logs are for technical debugging, not content tracking.
- Implement a middleware to save conversations to a central database.
- Regularly review logs to ensure usage aligns with company policy.